8 matches found

Veracode
added 2024/09/27 5:51 a.m., 7 views

Spoofing Attack

mellium.im/xmpp is vulnerable to Spoofing Attack. The vulnerability is due to the implementation of the Mellium XMPP library, which does not check the stanza type and allows the use of predictable IDs, leading to the possibility of response spoofing...

CVSS 9.8, AI score 6.7, EPSS 0.0014
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2022/05/13 1:11 a.m., 6 views

Smack allows the bypass of TLS protections

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...

CVSS 5.9, AI score 6.9, EPSS 0.00493
Exploits 0, References 9, Affected Software 1
Prion
added 2017/01/12 11:59 p.m., 16 views

Race condition

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...

CVSS 4.3, AI score 7.2, EPSS 0.00493
Exploits 0, References 7, Affected Software 2
NVD
added 2017/01/12 11:59 p.m., 20 views

CVE-2016-10027

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...

CVSS 5.9, AI score 5.8, EPSS 0.00493
Exploits 0, References 7
CVE
added 2017/01/12 11:00 p.m., 61 views

CVE-2016-10027

The CVE refers to Smack’s XMPP library (pre-4.1.9). A race condition when TLS SecurityMode.required is set can let an attacker perform a MITM by stripping the server’s starttls feature, bypassing TLS protections and causing client authentication to fall back to cleartext. Affected: Smack versions...

CVSS 5.9, AI score 5.7, EPSS 0.00493
Exploits 0, References 7, Affected Software 1
RedhatCVE
added 2016/12/23 7:47 a.m., 25 views

CVE-2016-10027

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...

CVSS 7.5, AI score 5.3, EPSS 0.00493
Exploits 0, References 1
Tenable Nessus
added 2016/10/14 12:00 a.m., 12 views

Atlassian Bamboo Server 5.9.x < 5.9.9 Multiple Vulnerabilities

Binary data 9668.prm...

CVSS 9.8, AI score 7.3, EPSS 0.01194
Exploits 0, References 6
securityvulns
added 2014/08/11 12:00 a.m., 93 views

CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java

Smack (http://www.igniterealtime.org/projects/smack/) is an Open Source XMPP Jabber client library for instant messaging and presence written in Java. Smack prior ...

CVSS 6.8, AI score 0.8, EPSS 0.00897
Exploits 0